8.6
CVE-2024-9491 - Uncontrolled search path can lead to DLL hijacking in Configuration Wizard 2 installer
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Configuration Wizard 2 installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.
8.6
CVE-2024-9490 - Uncontrolled search path can lead to DLL hijacking in Silicon Labs IDE installer
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Silicon Labs (8-bit) IDE installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.
4.3
CVE-2024-10324 - RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure v…
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access an…
5.4
CVE-2024-11913 - Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Requ…
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web…
8.8
CVE-2024-41739 - IBM Cognos Dashboards on Cloud Pak for Data privilege escalation
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.
7.5
CVE-2024-13408 - Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.1…
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attacker…
6.4
CVE-2024-13354 - Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - A…
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This …
4.3
CVE-2024-13335 - Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Mi…
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authentica…
6.4
CVE-2024-13542 - WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (…
The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied a…
6.5
CVE-2024-13594 - Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofix_sdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL que…